
RightScale Webinar: Compliance in the Cloud



In this webinar we will demonstrate the combined power of RightScale and Logicworks, and how to achieve security compliance standards in the cloud. Learn about Logicworks’ approach to compliance from a business level perspective and how to use RightScale to manage servers in compliant environments.

In this webinar, we’ll discuss:

- Business objectives that drive compliance in the public IaaS cloud
- The fundamentals of both PCI and HIPAA compliance
- A case example that demonstrates compliance applied to the Logicworks environment build model

We will conclude with an assessment of how to satisfy both the technical and business level objectives at your organization. This webinar will give you a greater understanding of how compliance needs can be met in the cloud.

Published in: Technology, Business


  1. Compliance in the Cloud. September 27, 2012. Watch the video of this webinar.
  2. Your Panel Today
     - Presenting:
       - Hunter Williams, Business Development, RightScale
       - Paul Jacoby, Vice President, Client Services, Logicworks
       - Kyle Hultman, Senior Solutions Architect, Logicworks
     - Q&A: David Manriquez, Account Manager, RightScale
     - Please use the “Questions” window to ask questions any time!
  3. Agenda for Today
     - Why cloud management?
     - Compliance in the context of Web Infrastructure
     - Use Case Highlights:
       - Business challenge
       - Private Cloud
       - Security overlay
       - RightScale incorporation
     - Compliance is more than just security
  4. Why Cloud Management?
     - Abstraction with Customization: Complete customization without the hassle
     - Visibility and Control: One place to manage your infrastructure
     - Choose Your Own Clouds: Vendor freedom across hardware and software
     - Automation is the Core: Massively scalable and super agile applications
     - Tap into Cloud Expertise: Experienced architects and support teams
  5. RightScale Pioneered Cloud Management
  6. RightScale Cloud Management
     - Governance Controls: Control access and security, track usage, and access logs
     - Automation Engine: Monitor, alert, auto-scale, and automate operations
     - MultiCloud Marketplace™: Access cloud-ready, customizable ServerTemplates™
     - Configuration Framework: Provision servers and execute scripts with consistency
     - MultiCloud Platform: Manage public, private, and hybrid clouds
  7. Automation Engine
     - Monitoring and alerting
       - Server and application
       - Escalations and triggers
     - Auto-scaling
     - Operational automation
       - Database backup, failover, recovery
       - Script execution
       - Code deploys and patches
     - [Chart: requests per second; each color band is for 1 server. Annotation: "Looks like load is evenly distributed across 6 of 8 servers"]
  8. Configuration Framework: RightScale ServerTemplates™
     - Reproducible: Predictable deployment
     - Dynamic: Configuration from scripts at boot time
     - Multi-cloud: Cloud agnostic and portable
     - Modular: Role and behavior abstracted from cloud infrastructure
  9. Governance Controls
     - Access and security
       - Authentication, roles, permissions
       - Umbrella accounts and sharing
     - Auditing and logging
       - Server logs
       - Infrastructure audits and tracking
     - Usage and cost metering
       - Cost tracking and quotas
       - Real-time run rate projections
  10. Introduction to Logicworks
     - Founded in 1993
     - Design, build, manage, monitor and maintain mission critical infrastructures
     - Work across industry verticals, with SaaS, Healthcare, Media/Advertising, Financial Services and startups
     - Help our clients win their deals by acting as infrastructure security experts
     - Combine the efficiency and flexibility of cloud computing with our decades of experience in complex managed hosting to identify and design the right hosting solution for our clients
  11. The Cloud, Your Way: Public. Private. Hybrid. Uncompromising support.
     - Public cloud
       - Ideal for: Companies that have computing resource needs that vary over time
       - Flexibility and scalability with Logicworks’ performance and reliability
     - Private cloud
       - Ideal for: Software, healthcare, financial service, and ecommerce companies
       - High availability, performance, compliance and redundancy
       - Complex Managed Hosting
     - Hybrid cloud
       - “Own the base, rent the spike”
       - Ideal for: Companies that want to leverage cloud efficiency and flexibility while protecting sensitive data and proprietary information
       - Combines the benefit of dedicated capacity with flexible, usage based consumption
  12. How Logicworks Differentiates Itself
  13. Impact of Compliance
     - So why are you on this call?
       - Range of compliance needs
       - Audit questions for applications and internal processes
       - Necessary documentation
       - Best practices
     - Compliance impacts businesses differently
     - Drivers to compliance are different
  14. Compliance is Always Changing
     - A recent example of one of our clients
       - Illustrative of how compliance requirements are ever changing
       - SaaS company delivering service to financial institutions
       - 2011: 8 areas required attention
       - 2012: 87 areas required attention
     - What drives compliant infrastructure?
       - Ability to keep and grow your client base
       - Avoiding potentially heavy fines
       - Just having sound security practices to protect your customer’s and your business’s IP
  15. What It Takes to Be Compliant. According to PCI compliance and HIPAA standards there are many categories that must be met to achieve compliance:
     - Build and maintain secure client and administrative networks
     - Implement strong access control measures
     - Regularly monitor and test networks
     - Protect cardholder data and Personal Health Information
     - Maintain an information security policy
     - Develop and maintain a vulnerability management program
     - Background checks on employees
  16. Compliance Use Case: Background
     - Presently using AWS public cloud for non-compliant and less secure apps
     - Secure computing is done in-house
     - Wanted convenience and cost benefits of cloud:
       - Internal IT needed a solution that satisfied their business and legal stakeholders
       - Protects company against fines from HIPAA
       - Loss of IP
       - Damage to reputation
  21. Key Partnerships for Added Security. LW partners with VASCO for multi-factor authentication, which is a critical part of maintaining true security through:
     - Providing unique identifier for each admin
     - Ensuring lost password, user name doesn’t compromise security
     - Randomly generated user token, used in combination with other credentials
  22. Best Practice for Compliance. Logicworks implements compliance best practices combined into interface with management capabilities:
     - Network segregation
     - Use of DMZ and role based access controls
     - Management checks and balances
       - To ensure no changes occur without management approval
     - Utilizing industry best practices
     - Proactive in how we do learning around potential violations around network configuration
     - Strict user verifications on all changes of client and Logicworks
  23. Incorporating RightScale. RightScale plays a key role in achieving both convenience and compliance by:
     - Deploying standardized VMs with non-compliant and compliant templates
       - AWS for noncompliant templates
       - Logicworks private cloud for compliant templates
     - Track and audit templates
     - Provides auditors and operations the ability to have an audit trail for compliance
  24. Solution Summary of Use Case. Logicworks was able to deliver a solution that satisfied all the stakeholders:
     - Business users were able to build and deploy applications quickly, easily and cost effectively
     - Technical teams were not constantly responding to “rush” requests
     - Security teams no longer had to expend extra resources doing internal audits and creating excessive documentation
     - Legal was satisfied that they had sufficiently mitigated corporate risk
  25. Compliance is More Than Technology. Just as important are the processes we must implement to ensure that we pass audits from both reporting of our practices and the documentation perspectives:
     - Logicworks process for additions, moves and changes
     - Higher frequency of infrastructure and scanning for rogue devices, appropriate firewall rules and any other obvious points of intrusion into the system to better protect critical data
     - How data is stored and, when necessary, destroyed
     - Data restoration
  26. Compliance & Security: A Partnership. While Logicworks and our partners can deliver a secure and compliant solution, as we have discussed, true compliance and real security are the result of all parties following best practices and guidelines:
     - Logicworks regularly assists our clients by providing information to help them meet their compliance audits to support PCI, HIPAA and SSAE16 compliance
     - Business Associates Agreement
     - Compliance is a team effort and Logicworks, RightScale and our other partners are there to assist in helping businesses achieve whatever standards that they must meet
  27. Q&A and Resources
     - Contact RightScale: 1.866.720.0208, @rightscale
     - More info: Sign up for RightScale Free Edition; Whitepapers; Webinar archives
     - Contact Logicworks: 866-FOR-LOGIC, @logicworks